Archives
tarfile, zipfile — archive extraction (zip slip, bombs)
PyBz2: Python stdlib module — bz2. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.
PyGzip: Python stdlib module — gzip. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.
PyLzma: Python stdlib module — lzma. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.
PyTarfile: The tarfile module. extractall() and extract() follow archive entry paths as-is — path-traversal sink (zip slip) when the archive is user-supplied and extractall's filter= argument is not set to a safe filter. Python 3.12 changed the default to 'data'.
PyZipapp: Python stdlib module — zipapp. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.
PyZipfile: The zipfile module. ZipFile.extractall() and extract() are zip-slip sinks when the archive is untrusted. Python's extractall resolves .. segments in archive members to paths outside the target directory.
PyZipimport: Python stdlib module — zipimport. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.
PyZlib: The zlib module for compression. decompress() on untrusted input can consume unbounded memory (zip bomb / decompression amplification). Set max_length to cap output.
PyZstd: Third-party Python package module — zstd. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.